Detections
Analytics
CVE-2007-0957
critical
Description
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411
http://www.vupen.com/english/advisories/2007/1983
http://www.vupen.com/english/advisories/2007/1470
http://www.vupen.com/english/advisories/2007/1250
http://www.vupen.com/english/advisories/2007/1218
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
http://www.ubuntu.com/usn/usn-449-1
http://www.securitytracker.com/id?1017849
http://www.securityfocus.com/bid/23285
http://www.securityfocus.com/archive/1/464814/30/7170/threaded
http://www.securityfocus.com/archive/1/464666/100/0/threaded
http://www.securityfocus.com/archive/1/464592/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2007-0095.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
http://www.kb.cert.org/vuls/id/704024
http://www.debian.org/security/2007/dsa-1276
http://security.gentoo.org/glsa/glsa-200704-02.xml
http://secunia.com/advisories/25464
http://secunia.com/advisories/24966
http://secunia.com/advisories/24817
http://secunia.com/advisories/24798
http://secunia.com/advisories/24786
http://secunia.com/advisories/24785
http://secunia.com/advisories/24757
http://secunia.com/advisories/24750
http://secunia.com/advisories/24740
http://secunia.com/advisories/24736
http://secunia.com/advisories/24735
http://secunia.com/advisories/24706
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html